As part of that probe, a New York federal grand jury "has subpoenaed records from at least two prominent makers of smartphones and other devices," both of which "had entered into partnerships with Facebook, gaining broad access to the personal information of hundreds of millions of its users," The New York Times reported on Wednesday, citing two anonymous sources.

It's not clear when the criminal probe, being conducted by the U.S. attorney's office for the Eastern District of New York, first launched or what it is investigating, the Times reports.

Facebook did not immediately respond to Information Security Media Group's request for comment.

"We are cooperating with investigators and take those probes seriously," a Facebook spokesman told the Times. "We've provided public testimony, answered questions and pledged that we will continue to do so."

At one time, Facebook had data-sharing deals with more than 150 companies, including Amazon, Apple, Microsoft and Sony, the Times reported. Other companies with access to Facebook data included ABC Television Network, dating site Hinge, streaming service Netflix, Russian webmail portal Mail.ru, Salesforce.com's "social listening tool" Radian6 and shipping giant UPS.

Last year, Facebook told Congress that it had phased out deals with many of these companies beginning in 2015. But the Wall Street Journal reported last June that Facebook had struck special deals with many companies, including Nissan, that allowed them to access data for much longer (see: Facebook to Congress: We Shared More Data Than We Said).

Facing questions from lawmakers, Facebook told the House Energy and Commerce Committee in 747 pages of answers last year that third parties and external apps had access to users' friends' data, "such as name, gender, birth date, location, photos and page likes," sometimes without their consent.

Cambridge Analytica Scandal

Facebook continues to face scrutiny over its data security and privacy practices, largely triggered by Cambridge Analytica, the now-defunct analytics firm that worked on President Donald Trump's election campaign for about five months and also worked with the "Leave" campaign during Britain's 2016 "Brexit" referendum on its EU membership.

Last year, it came to light that Cambridge Analytica had obtained 87 million profiles for the social network's users via a personality quiz created by Alexander Kogan, a Cambridge University researcher.

How did Cambridge Analytica obtain so much data about Facebook users?

Officials at Facebook attempted to deflect blame for the problem by claiming that its terms of service had been violated. But privacy experts and regulators began asking why the service wasn't doing more to monitor and restrict access to users' data. Facebook CEO Mark Zuckerberg also began appearing before Congress to answer questions, and the social network announced an internal investigation and a clampdown on third-party use of its data.

"I believe it's important to tell people exactly how the information that they share on Facebook is going to be used," Facebook CEO Mark Zuckerberg testified before U.S. Senate committees on April 11, 2018. "I think everyone should have control over how their information is used."

The federal grand jury in New York appears to be investigating how Facebook may have profited from these data deals.

Regulators Respond

These aren't the only regulatory and criminal investigations Facebook has faced over Cambridge Analytica.

The U.S. Securities and Exchange Commission has also been investigating Facebook. And a Justice Department investigation into Cambridge Analytica being run by Northern District of California prosecutors continues to probe Facebook's claims that it was misled by the analytics firm, the Times reports.

Last October, the U.K. Information Commissioner's Office hit Facebook with a £500,000 ($660,000) fine for violating the country's rules on processing personal data, as well as for failing "to take appropriate technical and organizational measures against unauthorized or unlawful processing of personal data" (see: Facebook Slammed With Maximum UK Privacy Fine).

UK Seeks New 'Digital Authority'

Some countries are seeking more permanent solutions. This week, a U.K. House of Lords report recommended that Facebook and other social media firms be regulated by a new "Digital Authority."

"Self-regulation by online platforms is clearly failing. The current regulatory framework is out of date," says Stephen Gilbert, the Conservative chairman of the House's communications committee.

"Without intervention, the largest tech companies are likely to gain ever more control of technologies which extract personal data and make decisions affecting people's lives," he says. "Our proposals will ensure that rights are protected online as they are offline while keeping the internet open to innovation and creativity, with a new culture of ethical behavior embedded in the design of service."

On Wednesday, Netscout's threat intelligence team said the outages appear to trace to "an accidental BGP [Border Gateway Protocol] routing leak from a European ISP to a major transit ISP, which was then propagated onwards to some peers and/or downstreams of the transit ISP in question."

BGP distributes routing information, enabling routers to connect users with specific IP address prefixes. It has been regularly exploited by criminal gangs and nation-state actors. But Netscout says the BGP routing leak does not appear to be "malicious in nature."

Update

Later on Thursday, Facebook blamed the outage on a "server configuration change."

Yesterday, as a result of a server configuration change, many people had trouble accessing our apps and services. We've now resolved the issues and our systems are recovering. We're very sorry for the inconvenience and appreciate everyone's patience.

About the Author

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.
